Verifying Active Directory Domain Membership on ESXi hosts

Article ID: 411430

Products

VMware vSAN

Issue/Introduction

When managing ESXi environments, it is often necessary to confirm whether a host is integrated with an Active Directory (AD) domain. This verification is important for troubleshooting authentication issues, validating user permissions, and ensuring compliance with security policies. This article describes methods to check the AD domain membership status of an ESXi host.

Environment

 

  • VMware ESXi 7.x, 8.x, 9.x

  • vCenter Server

  • Active Directory integration configured or under evaluation

 

Resolution

The Active Directory join status of an ESXi host can be confirmed through any of the following approaches:

1. vCenter vSphere Client

  • Log in to vCenter Server 
  • Navigate to the ESXi host -> Configure -> Authentication Services
  • Check the Directory Services Configuration -> Directory Services Type
  • If the host is joined to an AD domain,
    * The Type displays Active Directory
    * Domain Settings -> Domain shows the domain name.
  • If the host is not joined to AD,
    * The Type displays "Local Authentication".

2. ESXi Host UI

  • Connect directly to the ESXi host through a web browser
  • Navigate to Manage -> Security & users -> Authentication
  • If the host is joined to an AD domain,
    * Active directory enabled displays Yes
    * Joined domain shows the domain name
  • If the host is not joined to AD,
    * Active directory enabled displays No

3. ESXi Shell or SSH

  1. Access the ESXi Shell locally or via SSH.
  2. Run the following command:

     /usr/lib/vmware/likewise/bin/domainjoin-cli query
  3. If the host is joined to an AD domain
    * The output displays Domain and Distinguished Name of the joined domain
  4. If the host is not joined to AD
    * The output returns an error similar to "Error: ERROR_FILE_NOT_FOUND [code 0x00000002]"
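
Added example (not part of the original article and not VMware code): a POSIX shell check that classifies the output of the command in method 3 and compares the joined domain with an expected one, useful when auditing several hosts. The sample outputs are constructed; the "Key = value" layout of the joined output, the query subcommand, and the names esxi01 and corp.example.com are assumptions.

```shell
#!/bin/sh
# Added example: classify domainjoin-cli output for a membership audit.
# Assumption: a joined host prints "Key = value" lines ("Domain = ...").

# Reads command output on stdin; prints "joined <DOMAIN>", "not-joined" or "unknown".
ad_join_status() {
    awk '
        /^Error:/ { err = 1 }
        /^Domain[ \t]*=/ {
            seen = 1
            sub(/^Domain[ \t]*=[ \t]*/, "")
            sub(/[ \t\r]+$/, "")
            dom = toupper($0)
        }
        END {
            if (dom != "")        print "joined " dom
            else if (err || seen) print "not-joined"
            else                  print "unknown"
        }'
}

# Compares the joined domain with the expected one, case-insensitively.
# Returns 0 = expected domain, 1 = other domain, 2 = not joined, 3 = unparseable.
check_expected_domain() {
    expected=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    st=$(ad_join_status)
    case "$st" in
        "joined $expected") return 0 ;;
        joined\ *)          return 1 ;;
        not-joined)         return 2 ;;
        *)                  return 3 ;;
    esac
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_JOINED='Name = esxi01
Domain = corp.example.com
Distinguished Name = CN=ESXI01,CN=Computers,DC=corp,DC=example,DC=com'
SAMPLE_NOT_JOINED='Error: ERROR_FILE_NOT_FOUND [code 0x00000002]'

# On a host, pipe the real command in instead (the "query" subcommand is assumed):
#   /usr/lib/vmware/likewise/bin/domainjoin-cli query 2>&1 | check_expected_domain corp.example.com
printf '%s\n' "$SAMPLE_JOINED" | ad_join_status
printf '%s\n' "$SAMPLE_NOT_JOINED" | ad_join_status
```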